9382 matches found

Tenable Nessus
added 2025/02/26 12:0 a.m., 19 views

Amazon Linux 2 : python3 (ALAS-2025-2762)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2762 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally...

CVSS 7.5, AI score 6.8, EPSS 0.01034
Exploits: 0, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 16 views

Amazon Linux 2 : emacs (ALAS-2025-2757)

The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2757 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted...

CVSS 7.8, AI score 8.1, EPSS 0.00526
Exploits: 0, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 12 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2025-850)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-850 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.load_shed_points.http1_server_abort_dispatch...

CVSS 7.5, AI score 7.1, EPSS 0.00687
Exploits: 1, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 11 views

Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2025-841)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-841 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to moun...

CVSS 7.5, AI score 6.2, EPSS 0.13292
Exploits: 0, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 13 views

Amazon Linux 2 : python3 (ALAS-2025-2754)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2754 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 ...

CVSS 7.5, AI score 6.9, EPSS 0.02303
Exploits: 1, References: 8

Tenable Nessus
added 2025/02/26 12:0 a.m., 17 views

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-844)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-844 advisory. .NET and Visual Studio Remote Code Execution Vulnerability CVE-2025-21172 .NET Elevation of Privilege Vulnerability CVE-2025-21173 .NET, .NET Framework, and Visual Studio Remote Code Execution...

CVSS 8.8, AI score 7.9, EPSS 0.02262
Exploits: 0, References: 8

Tenable Nessus
added 2025/02/26 12:0 a.m., 18 views

Amazon Linux 2 : python-pillow (ALAS-2025-2768)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2768 advisory. PIL/IcnsImagePlugin.py in Python Imaging Library PIL and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote...

CVSS 5, AI score 6.8, EPSS 0.03587
Exploits: 0, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 16 views

Amazon Linux 2 : python-ipaddress (ALAS-2025-2761)

The version of python-ipaddress installed on the remote host is prior to 1.0.16-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2761 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as...

CVSS 7.5, AI score 6.8, EPSS 0.01034
Exploits: 0, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 10 views

Amazon Linux 2 : gsl (ALAS-2025-2758)

The version of gsl installed on the remote host is prior to 1.15-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2758 advisory. GSL GNU Scientific Library through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is...

CVSS 3.6, AI score 5.2, EPSS 0.00282
Exploits: 1, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 15 views

Amazon Linux 2 : glib2 (ALAS-2025-2767)

The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2767 advisory. GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading ...

CVSS 7.8, AI score 7.2, EPSS 0.00774
Exploits: 0, References: 12

Tenable Nessus
added 2025/02/26 12:0 a.m., 18 views

Amazon Linux 2 : grub2 (ALAS-2025-2756)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2756 advisory. GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...

CVSS 8.8, AI score 7.2, EPSS 0.00721
Exploits: 0, References: 4

Tenable Nessus
added 2025/02/26 12:0 a.m., 9 views

Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-847)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-847 advisory. GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Tenable has extracted the preceding description block directly...

CVSS 8.8, AI score 7.2, EPSS 0.00721
Exploits: 0, References: 4

Amazon
added 2025/02/25 12:0 a.m., 30 views

Medium: python3

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...

CVSS 7.5, AI score 7.1, EPSS 0.02303
Exploits: 1

Amazon
added 2025/02/25 12:0 a.m., 22 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method CVE-2024-49860 In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register CVE-2024-50055 Affecte...

CVSS 7.8, AI score 8.6, EPSS 0.00253
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 5 views

Medium: python3

Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats" and "get_ca_certs". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...

CVSS 7.4, AI score 6.8, EPSS 0.00804
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 16 views

Low: gsl

Issue Overview: GSL GNU Scientific Library through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

CVSS 3.6, AI score 3.8, EPSS 0.00282
Exploits: 1

Amazon
added 2025/02/25 12:0 a.m., 8 views

Low: gsl

Issue Overview: GSL GNU Scientific Library through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

CVSS 3.6, AI score 7, EPSS 0.00282
Exploits: 1

Amazon
added 2025/02/25 12:0 a.m., 7 views

Medium: python-jwcrypto

Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot o...

CVSS 6.8, AI score 6.7, EPSS 0.0098
Exploits: 1

Amazon
added 2025/02/25 12:0 a.m., 22 views

Important: glib2

Issue Overview: GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading to denial of service. CVE-2023-29499 GLib's GVariant deserialization prior to GLib 2.74.4 is vulnerable to a slowdown issue where a crafted GVariant can cause...

CVSS 7.8, AI score 7.1, EPSS 0.00774
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 22 views

Important: emacs

Issue Overview: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs ...

CVSS 7.8, AI score 8, EPSS 0.00526
Exploits: 0